Commit graph

240 commits

Author SHA1 Message Date
Thomas Sjögren
98acc66436 map desc_ to benchmark headings
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2020-05-08 12:38:08 +02:00
Ilya Dus
d42fedc370 fix(sh): check default ubuntu locations of docker.service and docker.socket files
Signed-off-by: Ilya Dus <ilyadoos@gmail.com>
2020-04-10 16:26:25 +03:00
Thomas Sjögren
937ec4958a Merge pull request #419 from zawazawa0316/fix_5
Fix check conditions
2020-03-09 14:54:32 +00:00
zawazawa0316
33566331d1 fix line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:48:10 +09:00
zawazawa0316
b046f930bc remove single space at line 230
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-09 23:45:25 +09:00
zawazawa0316
12f19d9f64 Fix check conditions
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-07 05:24:24 +09:00
zawazawa0316
b16da2c2ed Fix check condition
Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2020-03-03 21:51:49 +09:00
Thomas Sjögren
269b71eed8 locate configuration file before we run the tests #410
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-12-17 15:03:54 +01:00
Thomas Sjögren
c8c5615061 correct grep #410
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-12-16 09:57:21 +01:00
Thomas Sjögren
ddad135d13 shellcheck
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-10-16 09:49:18 +02:00
Thomas Sjögren
d680213a7b fix /etc/sysconfig/docker
closes #397

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-10-04 14:50:48 +02:00
Thomas Sjögren
d1934b614e Merge pull request #390 from jammasterj89/master
Issue #383 ability to exclude images
Closes #383, #369
2019-08-29 15:10:53 +02:00
jammasterj89
e1d26673ee Remove check_images
Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:50 +01:00
jammasterj89
4bb6e19965 Added check_images
Added check_images which moves the previous $imgList into this function and removed the else as this is handled within the main .sh

Signed-off-by: Niall T <jammasterj89@gmail.com>
2019-08-29 13:37:10 +01:00
Thomas Sjögren
0cac0e339d catch community editions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-29 10:29:38 +02:00
Thomas Sjögren
77a3bc65d7 fix 5.28
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:59:49 +02:00
Thomas Sjögren
71f63a192a tmp fix for json
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:36:49 +02:00
Thomas Sjögren
17c6262d2f formatting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 12:14:35 +02:00
Thomas Sjögren
d7f1d9753a ignore section 8 if community edition
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 11:49:22 +02:00
Thomas Sjögren
a785c02c59 add INFO for section 8
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-28 10:26:44 +02:00
Thomas Sjögren
7110df800b section 8 docker enterprise skeleton
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:11:38 +02:00
Thomas Sjögren
bcd6e5dd55 json sections
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:10:59 +02:00
Thomas Sjögren
ca3714bc16 first pass on section 7
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 16:03:29 +02:00
Thomas Sjögren
3d6dd81956 first pass on section 6
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:52:06 +02:00
Thomas Sjögren
0b007baf7e first pass on section 5
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:43:29 +02:00
Thomas Sjögren
e5c22c5f01 first pass on section 4
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:25:54 +02:00
Thomas Sjögren
f968597051 first pass on section 3
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 15:13:19 +02:00
Thomas Sjögren
6c6d0836a4 first pass on section 2
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 14:54:08 +02:00
Thomas Sjögren
82644982a8 move old 2.13 to community checks
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-27 14:53:42 +02:00
Thomas Sjögren
d963b93fcc update info output
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 15:13:50 +02:00
Thomas Sjögren
28f16f0afd add 1.2.9, #ref https://github.com/docker/docker-bench-security/pull/359
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 14:41:37 +02:00
Thomas Sjögren
6105f02a16 first pass on section 1
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-08-26 14:37:25 +02:00
Thomas Sjögren
326e31f403 use only year and month for version check #309
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-04-13 16:33:57 +02:00
Thomas Sjögren
1c8699bcf3 revert grep thought fail
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-20 09:57:19 +01:00
Thomas Sjögren
740439d352 accept only if ADD in / #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:54:38 +01:00
Thomas Sjögren
cec124a162 exclude first ADD since it's most often the base #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-19 14:27:02 +01:00
Thomas Sjögren
d942b12e0a INFO shouldn't increase score #362
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-03-14 10:32:39 +01:00
Boris Gorbylev
689a5a62c5 Fixed check 2.9
Signed-off-by: Boris Gorbylev <ekho@ekho.name>
2019-02-21 19:15:38 +03:00
Thomas Sjögren
7e3ecaf17d catch root with uid and name as well #358 CVE-2019-5736
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-02-13 14:58:34 +01:00
Thomas Sjögren
a911c23915 4.9 resulttestjson "INFO" #356
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2019-01-24 16:46:51 +01:00
Anthony Roger
1dd7956760 feat: add the ability to select the images to be checked from registry in order to integrate in ci
Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>
2018-12-11 14:39:16 +01:00
telepresencebot2
4bf876296a fix test 7.4 using 5.25 as a model
Signed-off-by: Taylor Lucy <talucy@franklinamerican.com>
2018-11-14 14:30:51 -06:00
Thomas Sjögren
391e09f76a linting
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-11-01 10:24:36 +01:00
Thomas Sjögren
d5b900ce05 use mountpoint and DockerRootDir #332
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-10-23 15:26:41 +02:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
2018-10-11 13:39:55 -07:00
Thomas Sjögren
773625a894 ref #325 daemon.json permissions
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-09-27 09:49:32 +02:00
Thomas Sjögren
feced0f6b2 Merge pull request #313 from nbrownuk/issue295-fix-tls-config-check
Fixes incorrect reporting of TLS configuration in test 2.6
2018-08-08 11:58:47 +02:00
Thomas Sjögren
f1137cd36a don't decrease 5.29 #316
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2018-08-06 09:51:06 +02:00
Joe Williams
cfb3357a12 fix docker user json output
This prints out the docker users in a similar fashion to the other tests, including `INFO` rather than just the system command output.

Signed-off-by: Joe Williams <joe.williams@github.com>
2018-07-26 15:07:59 -04:00
Nigel Brown
167c3507a2 Fixes incorrect reporting of TLS configuration in test 2.6
Signed-off-by: Nigel Brown <nigel@windsock.io>
2018-07-10 14:35:30 +01:00